CISA Adds Critical Fortinet FortiWeb Path Traversal Vulnerability to KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Fortinet FortiWeb, identified as CVE-2025-64446 with a CVSS score of 9.1, to its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability is a relative path traversal issue affecting Fortinet FortiWeb version 8.0.0. Path traversal vulnerabilities allow attackers to access files and directories outside the web root folder, potentially leading to unauthorized data access or system compromise. Given its high CVSS score and inclusion in the KEV catalog, this vulnerability poses a significant risk and is known to be actively exploited in the wild. Organizations using Fortinet FortiWeb 8.0.0 should prioritize patching to mitigate the risk of exploitation. This addition underscores the importance of timely patch management and continuous monitoring of security advisories. Cybersecurity professionals should ensure that their incident response plans are updated to address this vulnerability and monitor network traffic for signs of exploitation attempts. The inclusion of this vulnerability in CISA's KEV catalog highlights the critical nature of securing web application firewalls, which are often key components in an organization's defense strategy.